Electoral office: It was impossible to manipulate annulled electronic votes
A planned hearing on e-voting audit system flaws was blocked by coalition MPs Monday, but officials overturn claims that 8,000 voided e-votes were vulnerable.
On Monday, coalition MPs on the Riigikogu Anti-Corruption Select Committee voted against discussing security vulnerabilities in Estonia's electronic voting system, arguing that the topic was not appropriate for that specific committee.
Nevertheless, during an open discussion in the committee, Tallinn University of Technology researcher Tarvo Treier presented his academic work, which is serving as the basis for expanding one of the tools used by auditors — an audit application — for the 2027 elections. At the same time, the State Electoral Office rejected claims that the 8,000 electronic votes annulled in the most recent local elections could have been manipulated.
"The electronic voting system is designed in such a way that it is impossible to add, delete or alter e-votes undetected at any stage. This fact is unaffected by whether the auditor conducted the checks manually or automatically," explained Arne Koitmäe, head of the State Electoral Office.
As a result of Treier's research, auditing will become more convenient for auditors, allowing a greater number of checks to be performed automatically in the future. Treier's study specifically focused on improving the usability of the auditing software and did not address whether theoretical internal attacks are realistically feasible or what countermeasures are already in place to mitigate such risks.
"Manipulating e-votes during the annulment of duplicate or repeated votes would require the computer processing the e-votes to be infected with malware. To prevent this, vote processing is carried out on a secure, offline computer equipped with software designed to detect such attacks. The reliability of both the computer and the software is independently verified by the auditor," Koitmäe explained.
Over the years, auditing has been carried out thoroughly, using manual, automated and mathematical methods to eliminate any possibility of manipulation.
"By increasing the level of automation in auditing, we can reduce disputes about whether the auditor was sufficiently convinced of the integrity of the e-vote processing," said Koitmäe.
"In the future, trust will no longer need to be placed in the State Electoral Office or the auditor. Instead, anyone with sufficient IT knowledge will be able to independently verify that e-votes are counted correctly, using the publicly available source code of the voting applications and the test data created by Treier," he added.
The State Electoral Office has been working with researchers from Tallinn University of Technology since 2024 to make electronic vote auditing more transparent, understandable and automated. As part of this cooperation, the audit application was enhanced for the first time ahead of the European Parliament elections, introducing automated cryptogram verification. Based on Treier's most recent academic article, the State Electoral Office is now developing a new software solution for the next Riigikogu elections in 2027.
--
Editor: Johanna Alvin, Marcus Turovski
